top stories

The Association of Chartered Certified Accountants (ACCA) is pleased to have this opportunity to comment on the Code of Practice: Internal Audit Standards for Local Government in the UK (the draft code). These comments have been prepared in consultation with members of ACCA's Internal Audit Sub-Committee, a group of experienced internal auditors.

ACCA is concerned that CIPFA has taken upon itself the task of developing the draft code without co-operating with other professional institutes who represent internal auditors and other stakeholders in local government. We believe that it is important that such a code should have widespread acceptance from its inception. For this reason we believe that, as a minimum, the other CCAB accountancy bodies and the Institute of Internal Auditors should have been fully involved in its development. This was the case with the document Internal Audit: A Guide to Good Practice for Internal Auditors and Their Customers (1999), which was developed by a working party representing the six CCAB accountancy bodies and the Institute of Internal Auditors.

In addition, we are concerned that the draft code will become the standards for internal audit in Scotland and Northern Ireland by default. The Office of the Deputy Prime Minister is proposing to issue regulations which will indicate that, for Local Authorities in England and Wales, "proper practice for internal audit" will be as detailed in the code. The code, however, will have no regulatory backing in Scotland nor Northern Ireland despite its title indicating common applicability across the United Kingdom.

The Government Internal Audit Standards produced by HM Treasury, have now gained widespread recognition across the public sector. Thus it is appropriate for any standards for internal audit in local government to be based on these standards, as is the case with the draft code. The foreword to the draft code should, however, give full acknowledgement to the fact that the code is based closely on these Standards and that the draft code is an adaptation of the Standards for the local government environment.

Given that the draft code follows the Government Internal Audit Standards so closely, we believe that it is unfortunate that the draft code does not adopt the definitions of internal control and internal audit used by the Standards. The draft code defines the internal control environment as consisting of financial controls, corporate governance and risk. In contrast, the Standards refer to risk management, control and governance. Thus the draft code appears to place an undue emphasis on financial controls, although, in Section 1.2, the full scope of internal audit is described as in the Government Internal Audit Standards.

We consider it would be helpful if CIPFA indicated where changes have been made to the Government Internal Audit Standards. This would make it easier for those consulted to consider whether or not such changes were justified and adequately reflect the local government regularity environment.

In central government, the Accounting Officer has clear responsibility for internal control across the organisation and internal audit's prime purpose is to provide advice and opinions to the Accounting Officer. In local government, in England, Wales and Scotland the Responsible Financial Officer has responsibility for internal financial control whilst the authority itself has responsibility for maintaining an effective internal audit service and for the overall quality of internal control across the organisation. In Northern Ireland it is also the authority which has responsibility for internal financial control.

Consequently one of the main tasks of adapting the Government Internal Audit Standards to the local government environment is to assign clear responsibility for the various aspects of internal control and internal audit. We do not believe that the draft code has achieved this in a satisfactory manner. In most cases, the draft code merely refers to 'the organisation' whereas the Standards refer to 'the Accounting Officer'. The draft code, however, does not make clear exactly who this should refer to in particular circumstances. We believe that in most cases it will be the council, advised by an audit committee, which will fulfil the role undertaken by the Accounting Officer in central government. The code should be explicit about the body or individual (for example, chief executive or Responsible Financial Officer) who should have prime responsibility for certain tasks related to the internal audit service.

ACCA does not share CIPFA's view that the finance director of a local authority should be able to control and influence both the work programme of internal audit and the quantity and quality of staff made available to undertake audit projects. We consider that internal audit should be independent of the finance director and that its prime duty should be to the authority as a whole. Thus internal audit should report through the audit committee and so provide advice to the full council. Thus we do not accept the emphasis put on the role of the Responsible Financial Officer in regard to internal audit, for example, at paragraphs 2.2.2, 4.2.1, 4.2.4, 4.2.5 and 9.1.1.

ACCA does not accept that it is appropriate for external quality reviews of internal audit to be undertaken by the external auditors (paragraph 10.4.1). The external auditors will be mainly interested in internal audit to the extent to which they can rely on the work internal audit has undertaken on the organisation's main financial systems. The work of internal audit should have a much wider scope than this. Pressures from external audit in local government have meant that internal audit has had to concentrate on the main financial systems and to undertake substantive testing on these systems. This type of approach has been criticised as inappropriate by HM Treasury, although the draft code suggests, at paragraph 7.2.(f), that substantive testing should be an appropriate approach adopted by internal audit.

We have some concerns that paragraph 1.2.4 (and also paragraph 6.1.2) of the draft code may encourage the extension of internal audit's consultancy work at the expense of its core assurance work. ACCA believes that this assurance work should take precedence over any consultancy work which is undertaken. Such consultancy work should only be undertaken if the resources are available and that this work will not prejudice the completion of the planned assurance programme.

We have included some comments of lessor significance in the Annex to this letter.

ANNEX: ITEMS OF LESSER SIGNIFICANCE

1. The introduction to the draft code provides details of the regulatory background for internal audit in local government. This should be reduced to a brief introduction to the role, objectives and basis of internal audit in a local authority with the detailed legal provisions relegated to an annex to the code.
   
2. The foreword and introduction to the draft code should make specific reference to the Government Internal Audit Standards produced by HM Treasury, indicate that the draft code is an adaptation of these Standards to the local government regulatory environment and thank HM Treasury for their permission to use their Standards in this manner.
   
3. Paragraph 1.1.1(d) should be made more explicit in terms of the officers and committees which are being referred to.
   
4. Paragraph 1.1.3 should indicate that it is the audit committee which should approve and regularly review the terms of reference for internal audit.
   
5. Paragraph 1.3.3 should be amended to ensure that it is clear that the paragraph is referring to internal audit's ongoing right of access for future audit purposes.
   
6. It is not clear why the last phrase from paragraph 1.4.3 of the Government Internal Audit Standards has been omitted.
   
7. Paragraph 2.2.4 should indicate that the audit committee should advice the council on an appropriate budget for internal audit.
   
8. Paragraph 2.5.1 was written before the events at Enron, WorldCom etc became public. Consideration should not be given to the need to revise this paragraph by prohibiting audit contractors providing additional services to the organisation, at least unless these have been agreed in advance by the audit committee.
   
9. The discussion on audit committees currently in the glossary to the draft code would be more appropriate if it was included in section 3 on this subject.
   
10. Section 3.2 should list those internal audit issues on which the audit committee should advice the council. This would ensure that the substance of the Government Internal Audit Standards guidance in this section was retained.
    
11. Paragraph 3.2(a) from the Government Internal Audit Standards should be retained to indicate that the audit committee should have a role in the appointment and dismissal of the Head of Internal Audit.
    
12. Paragraph 3.2(c) from the Government Internal Audit Standards should be retained in full to indicate the audit committee's role in considering the internal audit periodic plans in addition to the strategy.
    
13. Paragraph 3.3.2 from the Government Internal Audit Standards should be retained in full to ensure that the Head of Internal Audit is able to raise any issues they wish with the chair of the audit committee.
    
14. We consider that paragraphs 4.4.1 and 4.4.2 are useful additions to the draft code.
    
15. Paragraph 4.6.1 of the draft code should refer to the audit committee as this should be the usual channel for internal audit to maintain relationships with elected members.
    
16. Section 6.2 should advice that the audit committee should approve the internal audit strategy and periodic plans rather than just 'the organisation'.
    
17. Paragraphs 7.1.2 and 7.1.3 from the Government Internal Audit Standards should be retained. It is helpful for internal audit to have a named senior manager who is the sponsor for each of their audit assignments.
    
18. We do not consider that substantive tests, paragraph 7.2.1(f), or analytical review, paragraph 7.2.4 are appropriate approaches for internal audit to adopt.
    
19. Paragraph 9.1.6 should refer to reporting to the audit committee rather than the Responsible Financial Officer.

Back to top